Boston—An FBI search warrant used to hack into thousands of computers around the world was unconstitutional, the Electronic Frontier Foundation (EFF) told a federal appeals court today in a case about a controversial criminal investigation that resulted in the largest known government hacking campaign in domestic law enforcement history.

The Constitution requires law enforcement officers seeking a search warrant to show specific evidence of a possible crime, and tie that evidence to specific persons and places they want to search. These fundamental rules protect people from invasions of privacy and police fishing expeditions.

But the government violated those rules while investigating “Playpen,” a child pornography website operating as a Tor hidden service. During the investigation, the FBI secretly seized servers running the website and, in a controversial decision, continued to operate it for two weeks rather than shut it down, allowing thousands of images to be downloaded. While running the site, the bureau began to hack its visitors, sending malware that it called a “Network Investigative Technique” (NIT) to visitors’ computers. The malware was then used to identify users of the site. Ultimately, the FBI hacked into 8,000 devices located in 120 countries around the world. All of this hacking was done on the basis of a single warrant. The FBI charged hundreds of suspects who visited the website, several of whom are challenging the validity of the warrant.

In a filing today in one such case, U.S. v. Levin, EFF and the American Civil Liberties Union of Massachusetts urged the U.S. Court of Appeals for the First Circuit to rule that the warrant is invalid and the searches it authorized unconstitutional because the warrant lacked specifics about who was subject to search and what locations and specific devices should be searched. Because it was running the website, the government was already in possession of information about visitors and their computers. Rather than taking the necessary steps to obtain narrow search warrants using that specific information, the FBI instead sought a single, general warrant to authorize its massive hacking operation. The breadth of that warrant violated the Fourth Amendment.

“No one questions the need for the FBI to investigate serious crimes like child pornography. But even serious crimes can’t justify throwing out our basic constitutional principles. Here, on the basis of a single warrant, the FBI searched 8,000 computers located all over the world. If the FBI tried to get a single warrant to search 8,000 houses, such a request would unquestionably be denied. We can’t let unfamiliar technology and unsavory crimes lead to an erosion of everyone’s Fourth Amendment rights,” said EFF Senior Staff Attorney Mark Rumold.

EFF filed a brief in January in a similar case in the Eighth Circuit Court of Appeals, and will be filing briefs in Playpen cases in the Third and Tenth Circuits in March. Some trial courts have upheld the FBI’s actions in dangerous decisions that, if ultimately upheld, threaten to undermine individuals’ constitutional privacy protections over information on personal computers.

“These cases will be cited for the future expansion of law enforcement hacking in domestic criminal investigations, and the precedent is likely to impact the digital privacy rights of allInternet users for years to come,” said Andrew Crocker, EFF Staff Attorney. “Recent changes to federal rules for issuing warrants may allow the government to hack into thousands of devices at a time. These devices can belong not just to suspected criminals but also to victims of botnets and other hacking crimes. For that reason, courts need to send a very clear message that vague search warrants that lack the required specifics about who and what is to be searched won’t be upheld.”

Related Updates

Emails Prove ICE Could Access Data from Orange County Shopping Malls, Despite the Companies' Denials In response to an ACLU report on how law enforcement agencies share information collected by automated license plate readers (ALPRs) with Immigration and Customs Enforcement, officials have been quick to denyand...

In an era where political and corporate leaders are attacking the free press as “the enemy of the people,” it’s crucial that we recognize the truth: journalists every day are uncovering stories that protect our rights and hold those in power accountable. Meanwhile, as the media landscape shrinks, non-profits are...

Despite igniting controversy over ethical lapses and the threat to civil liberties posed by its tattoo recognition experiments the first time around, the National Institute of Standards and Technology (NIST) recently completed its second major project evaluating software designed to reveal who we are and potentially what we believe based...

San Francisco—The Electronic Frontier Foundation (EFF) launched a virtual reality (VR) experience on its website today that teaches people how to spot and understand the surveillance technologies police are increasingly using to spy on communities.“We are living in an age of surveillance, where hard-to-spot cameras capture our faces and...

San Bernardino, California—The Electronic Frontier Foundation (EFF) sued the San Bernardino County Sheriff’s Department today to gain access to records about search warrants where cell-site simulators, devices that allow police to locate and track people by tricking their cell phones into a connection, were authorized in criminal investigations.EFF...

Your strong support helped us persuade California’s lawmakers to do the right thing on many important technology bills debated on the chamber floors this year. With your help, EFF won an unprecedented number of victories, supporting good bills and stopping those that would have hurt innovation and digital freedoms. Here’s...

For too long, the New York Police Department has secretly deployed cutting-edge spy tech, without notice to the public. Many of these snooping devices invade our privacy, deter our free speech, and disparately burden minority and immigrant communities. Fortunately, a proposed ordinance (“the POST Act”) would lift the cloak of...

For the second year in a row, the California State Assembly’s Appropriations Committee has effectively killed a bill that was poised to ensure transparency, community oversight, and civil liberties regarding proliferating police surveillance technology. S.B. 1186 was approved by the California Senate, as well as by two Assembly policy...

For nearly a decade, a company known as Harris Corp. managed to sell sophisticated military surveillance equipment to police departments across the U.S. without any elected policymakers knowing that their tools even existed. A proposed law in Sacramento could ensure that this history never repeats itself. Corporate secrets subvert...

Employees at Google, Microsoft, and Amazon have raised public concerns about those companies assisting U.S. military, law enforcement, and the Immigration and Customs Enforcement Agency (ICE) in deploying various kinds of surveillance technologies. These public calls from employees raise important questions: what steps should a company take...